GitHub Repository · 4 stars · Shell

ClawSandbox – 7/9 attacks succeeded against an AI agent w/ shell access

by ariansyah · Mar 4, 2026 · 3 points · 4 comments

AI Analysis

Tags: Banger · Big Brain · Solve My Problem · Zero to One

First systematic attack framework proving 7/9 exploits work on AI agents with shell access.

Strengths
  • Generalizable methodology: tests apply to AutoGPT, LangChain, Cursor, Devin—any agent with code execution, not just OpenClaw.
  • Real attack surface: prompt injection, memory poisoning, privilege escalation, data exfiltration—maps to actual OWASP LLM Top 10 vulnerabilities.
  • Published results with rigor: 7/9 succeeded against Gemini 2.5 Flash + OpenClaw; actionable findings instead of speculation.
Weaknesses
  • GitHub page truncated—missing implementation details, Docker setup clarity, and how to 'bring your own agent' reproducibly.
  • Narrow immediate applicability: useful for agent builders and security researchers, but risk surface shrinks as agents get better isolation.
Target Audience

AI/ML engineers, security researchers, developers building autonomous agents with code execution

Similar To

OWASP LLM Top 10 · Prompt Injection benchmarks (HuggingFace, Anthropic's red-teaming) · Container escape test suites

Similar Projects

SecurityPass

Synesthetic Computation

The author walks the reader through a full exploit chain that starts with a UX/trust-boundary trick and ends in RCE by causing a client to connect to an attacker gateway, leak a token, and reconfigure the agent’s execution environment. It's a sharp systems narrative that will change how you think about agents crossing chat, browser, and local tooling — excellent reading for defenders and attacker-minded engineers, but it's an investigative article rather than a product or tool.

Tags: Wizardry · Rabbit Hole
by agamrafaeli · 103mo ago · Security · Solid

Open-source white-box agentic red teamer for AI agents

White-box agent red teaming finds 5x more vulns than black-box prompt injection.

Tags: Dark Horse · Solve My Problem
by ashish-a · 102mo ago